Thursday, May 13, 2010

Cisco ASA 5510 Firewall: Basic Configuration Tutorial

By: Harris Andrea




Continuing our series of articles about Cisco ASA 5500 firewalls, I'm offering you here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520 etc.) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: the Base license and the Security Plus license. The second one (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.


Next we will see a simple Internet access scenario which will help us understand the basic steps needed to set up an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected to the outside (towards the ISP), and Ethernet0/1 will be connected to the inside LAN switch.


The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let's see a snippet of the required configuration steps for this basic scenario:


Step 1: Configure a privileged level password (enable password)
By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be required for all subsequent access to the appliance. Configure this under configuration mode:


ASA5510(config)# enable password mysecretpassword


Step 2: Configure the public outside interface
ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut


Step 3: Configure the trusted internal interface
ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut


Step 4: Configure PAT on the outside interface
ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0


Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)
ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1


Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP
ASA5510(config)# dhcpd dns 200.200.200.10
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside
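The six steps above are one procedure, and the addresses in them must agree with each other (the gateway has to live on the outside subnet, the DHCP pool has to lie inside the LAN subnet and must not hand out the firewall's own address). The following script is an added example, not code from the article: it generates the article's configuration (in the same global/nat PAT syntax the article shows) from a few parameters and refuses to emit anything when those addressing constraints are violated. The function name and parameters are my own.

```python
# Added example: build the article's basic ASA 5510 config, validating the
# addressing relationships the steps depend on before any line is emitted.
from ipaddress import IPv4Address, IPv4Interface


def build_asa_config(enable_pw, outside_ip, outside_mask, gateway,
                     inside_ip, inside_mask, dhcp_start, dhcp_end, dns):
    """Return the ASA CLI lines for the article's Internet-access scenario."""
    if not enable_pw:
        raise ValueError("enable password must not be empty (Step 1)")
    outside_net = IPv4Interface(f"{outside_ip}/{outside_mask}").network
    inside_net = IPv4Interface(f"{inside_ip}/{inside_mask}").network
    gw = IPv4Address(gateway)
    if gw not in outside_net or gw == IPv4Address(outside_ip):
        raise ValueError("default gateway must be another host on the outside subnet (Step 5)")
    if outside_net.overlaps(inside_net):
        raise ValueError("inside and outside subnets must not overlap")
    start, end = IPv4Address(dhcp_start), IPv4Address(dhcp_end)
    if not (start <= end and start in inside_net and end in inside_net):
        raise ValueError("DHCP pool must be an ascending range within the LAN subnet (Step 6)")
    if start <= IPv4Address(inside_ip) <= end:
        raise ValueError("DHCP pool must not include the firewall's own inside address")
    return "\n".join([
        f"enable password {enable_pw}",
        "interface Ethernet0/0",
        " nameif outside",
        " security-level 0",                 # untrusted side
        f" ip address {outside_ip} {outside_mask}",
        " no shut",
        "interface Ethernet0/1",
        " nameif inside",
        " security-level 100",               # most trusted side
        f" ip address {inside_ip} {inside_mask}",
        " no shut",
        "global (outside) 1 interface",       # PAT behind the outside address
        "nat (inside) 1 0.0.0.0 0.0.0.0",     # translate every inside host
        f"route outside 0.0.0.0 0.0.0.0 {gateway} 1",
        f"dhcpd dns {dns}",
        f"dhcpd address {dhcp_start}-{dhcp_end} inside",
        "dhcpd enable inside",
    ])


# The exact values used in the article's scenario.
ARTICLE_CONFIG = build_asa_config(
    "mysecretpassword", "100.100.100.1", "255.255.255.252", "100.100.100.2",
    "192.168.10.1", "255.255.255.0", "192.168.10.10", "192.168.10.200",
    "200.200.200.10")
```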



About the Author


Harris Andrea is a Cisco Certified Network Professional (CCNP) and Cisco Certified Security Professional (CCSP) with more than 10 years' experience in the networking field. He is currently employed as a senior network security engineer at a leading ISP in Europe. He has designed and implemented several projects involving Cisco ASA/PIX firewalls and other Cisco products and technologies. You can visit his website for more information about Cisco products and solutions, including how to configure any Cisco ASA 5500 firewall, and for more Cisco configuration examples and other details about designing and implementing Cisco solutions.

(ArticlesBase SC #833644)


Article Source: http://www.articlesbase.com/ - Cisco ASA 5510 Firewall : Basic Configuration Tutorial

